No. Sharing passwords in India violates multiple statutes, including the Information Technology Act, 2000, and the Personal Data Protection Bill (PDP Bill), 2023. Unauthorized access risks criminal liability under Section 66D, with penalties up to ₹1 lakh and 3 years imprisonment. Corporate entities face scrutiny under the CERT-In Directions, 2022, for failing to prevent credential misuse.
Key Regulations for Sharing Passwords in India
- Information Technology Act, 2000 (Section 66D): Criminalizes fraudulent or dishonest use of another’s password, punishable by fines and imprisonment. Courts have upheld convictions where passwords were shared to access financial or sensitive data.
- Personal Data Protection Bill (PDP Bill), 2023: Mandates strict consent requirements for data access. Sharing passwords to bypass authentication breaches “reasonable security practices,” exposing entities to penalties under Section 25 (up to ₹15 crore or 4% of global turnover).
- CERT-In Directions, 2022: Requires organizations to report cybersecurity incidents within 6 hours. Failure to prevent password-sharing incidents may trigger mandatory disclosures, compounding legal exposure.
Corporate policies must enforce multi-factor authentication (MFA) and prohibit password sharing to align with RBI’s 2024 cybersecurity guidelines for financial institutions. Courts increasingly treat password sharing as aiding “unauthorized access,” a cognizable offense under the IT Act. Non-compliance with PDP Bill provisions post-enactment will likely attract stringent penalties, including data principal compensation claims.